diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,3 +20,8 @@
 ## 0.1.2.2 -- 2020-09-19
 
 * No changes
+
+## 0.2.0.0 -- 2021-01-09
+
+* BREAKING: Change the signatures of the `getLtiIss`, `getLtiSub` and
+  `getLtiToken` functions to operate on `credsExtra` instead of sessions.
diff --git a/example/Main.hs b/example/Main.hs
--- a/example/Main.hs
+++ b/example/Main.hs
@@ -73,9 +73,9 @@
     let
         mCredsIdent = decodeUtf8 <$> M.lookup "credsIdent" sess
         mCredsPlugin = decodeUtf8 <$> M.lookup "credsPlugin" sess
-        mIss = getLtiIss sess
-        mSub = getLtiSub sess
-        mTok = getLtiToken sess
+        mIss = M.lookup "ltiIss" sess
+        mSub = M.lookup "ltiSub" sess
+        mTok = M.lookup "ltiToken" sess
 
     defaultLayout [whamlet|
         <h1>Yesod Auth LTI1.3 Example
diff --git a/src/Yesod/Auth/LTI13.hs b/src/Yesod/Auth/LTI13.hs
--- a/src/Yesod/Auth/LTI13.hs
+++ b/src/Yesod/Auth/LTI13.hs
@@ -31,6 +31,7 @@
     , LtiTokenClaims(..)
     , UncheckedLtiTokenClaims(..)
     , ContextClaim(..)
+    , LisClaim(..)
     , Role(..)
     ) where
 
@@ -45,8 +46,9 @@
 import Yesod.Core.Types (TypedContent)
 import Yesod.Core (toTypedContent, permissionDenied, setSession, lookupSession, redirect,
         deleteSession, lookupSessionBS, setSessionBS, runRequestBody,
-        getRequest, MonadHandler, SessionMap, notFound, getUrlRender)
+        getRequest, MonadHandler, notFound, getUrlRender)
 import qualified Data.ByteString.Base64.URL as B64
+import Data.ByteString.Builder (toLazyByteString)
 import Web.OIDC.Client.Tokens (IdTokenClaims(..))
 import Yesod.Core (YesodRequest(reqGetParams))
 import Control.Exception.Safe (Exception, throwIO)
@@ -271,24 +273,26 @@
 
     setCredsRedirect myCreds
 
--- | Gets the @iss@ for the given sesssion
-getLtiIss :: SessionMap -> Maybe Issuer
-getLtiIss sess =
-    E.decodeUtf8 <$> Map.lookup "ltiIss" sess
+type CredsExtra = [(Text, Text)]
 
--- | Gets the @sub@ for the given session
-getLtiSub :: SessionMap -> Maybe Issuer
-getLtiSub sess =
-    E.decodeUtf8 <$> Map.lookup "ltiSub" sess
+-- | Gets the @iss@ for the given @credsExtra@.
+getLtiIss :: CredsExtra -> Maybe Issuer
+getLtiIss crExtra =
+    lookup "ltiIss" crExtra
 
+-- | Gets the @sub@ for the given @credsExtra@
+getLtiSub :: CredsExtra -> Maybe Issuer
+getLtiSub crExtra = lookup "ltiSub" crExtra
+
 -- | Gets and decodes the extra token claims with the full LTI launch
---   information from a session
---
---   Signature slightly inaccurate: the claims have been checked at this stage.
-getLtiToken :: SessionMap -> Maybe UncheckedLtiTokenClaims
-getLtiToken sess =
-    (Map.lookup "ltiToken" sess)
-    >>= A.decodeStrict
+--   information from a @credsExtra@
+getLtiToken :: CredsExtra -> Maybe LtiTokenClaims
+getLtiToken crExtra =
+    -- note: the claims have been checked before they got into the credsExtra.
+    LtiTokenClaims <$> ((lookup "ltiToken" crExtra) >>= intoClaims)
+    where
+        intoClaims :: Text -> Maybe UncheckedLtiTokenClaims
+        intoClaims = A.decode . toLazyByteString . E.encodeUtf8Builder
 
 -- | Callbacks into your site for LTI 1.3
 class (YesodAuth site)
diff --git a/yesod-auth-lti13.cabal b/yesod-auth-lti13.cabal
--- a/yesod-auth-lti13.cabal
+++ b/yesod-auth-lti13.cabal
@@ -1,7 +1,7 @@
 cabal-version:       >=1.10
 
 name:                yesod-auth-lti13
-version:             0.1.2.2
+version:             0.2.0.0
 synopsis:            A yesod-auth plugin for LTI 1.3
 description:         A plugin using <https://hackage.haskell.org/package/lti13>
                      to implement IMS Global LTI 1.3 authentication for
@@ -25,7 +25,7 @@
     -- other-extensions:
     build-depends:       base >=4.12 && <5
                        -- these two are always updated in concert with each other
-                       , lti13                             == 0.1.2.2
+                       , lti13                             == 0.2.0.0
                        , base64-bytestring                 >= 1.0.0 && < 1.1
                        , bytestring                        >= 0.10.10 && < 0.11
                        , containers                        >= 0.6.2 && < 0.7
